Vulnerability Note VU#122656
Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability
Overview
Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.
Description
It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so (symlinked to /usrl/lib/browser/plugins/libkindleplugin.so) that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser and can be invoked to access its "exported" native methods when a user accesses a web page containing embedded scripts. The user eureka has reported on the MobileRead forums that they have found multiple "exported" properties and methods associated with libkindleplugin.
|
Impact
By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges. |
Solution
Update
|
Disable libkindleplugin |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Amazon | Affected | 30 Jul 2012 | 01 Aug 2012 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 7.3 | E:POC/RL:OF/RC:C |
| Environmental | 1.8 | CDP:N/TD:L/CR:ND/IR:ND/AR:ND |
References
Credit
Thanks to eureka on the MobileRead forums for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
- CVE IDs: CVE-2012-4248 CVE-2012-4249
- Date Public: 04 Apr 2012
- Date First Published: 30 Jul 2012
- Date Last Updated: 08 Apr 2013
- Document Revision: 22
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.